From db63bd82559fb79424080c070dd53e2a50b7135e Mon Sep 17 00:00:00 2001
From: Gary Jones
Date: Sun, 5 Feb 2023 17:22:37 +0000
Subject: [PATCH] ProperEscapingFunction: Fix short tag detection

The tracking variable `$in_short_echo` was never reset when checking different files, meaning that the property would carry over and provide the wrong context to the next file. By adding a `process()` method to the ProperEscapingFunctionSniff, we can reset the tracking variable at the start of each file by comparing the currently processing file to the last one stored in a static variable. Includes two unit test files, numbered in the order needed to trigger the bug if the fix wasn't present. Fixes #739.
---
 .../Security/ProperEscapingFunctionSniff.php | 23 +++++++++++++++++++
 .../ProperEscapingFunctionUnitTest.2.inc | 8 +++++++
 .../ProperEscapingFunctionUnitTest.3.inc | 11 +++++++++
 3 files changed, 42 insertions(+)
 create mode 100644 WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.2.inc
 create mode 100644 WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.3.inc

diff --git a/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php b/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php
index 9b9513f0..1b89314e 100644
--- a/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php
+++ b/WordPressVIPMinimum/Sniffs/Security/ProperEscapingFunctionSniff.php
@@ -8,6 +8,7 @@ namespace WordPressVIPMinimum\Sniffs\Security;
+use PHP_CodeSniffer\Files\File;
 use WordPressVIPMinimum\Sniffs\Sniff;
 use PHP_CodeSniffer\Util\Tokens;
@@ -111,6 +112,28 @@ public function register() {
 ];
 }
 
+ /**
+ * Reset short echo context tracking variable for a new file.
+ *
+ * @since 2.3.4
+ *
+ * @param \PHP_CodeSniffer\Files\File $phpcsFile The file being scanned.
+ * @param int $stackPtr The position of the current token
+ * in the stack passed in $tokens.
+ *
+ * @return int|void Integer stack pointer to skip forward or void to continue
+ * normal file processing.
+ */
+ public function process( File $phpcsFile, $stackPtr ) {
+ static $current_file;
+ if ( $phpcsFile !== $current_file ) {
+ $this->in_short_echo = false;
+ $current_file = $phpcsFile;
+ }
+
+ return parent::process( $phpcsFile, $stackPtr );
+ }
+
 /**
 * Process this test when one of its tokens is encountered
 *
diff --git a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.2.inc b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.2.inc
new file mode 100644
index 00000000..c70d8c35
--- /dev/null
+++ b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.2.inc
@@ -0,0 +1,8 @@
+
+
diff --git a/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.3.inc b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.3.inc
new file mode 100644
index 00000000..27fb4433
--- /dev/null
+++ b/WordPressVIPMinimum/Tests/Security/ProperEscapingFunctionUnitTest.3.inc
@@ -0,0 +1,11 @@
+
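Review bot: The identity check `if ( $phpcsFile !== $current_file )` resets `in_short_echo` only when a different File object arrives, so the stale-state problem this commit fixes for consecutive files can still occur when PHP_CodeSniffer processes the same File object more than once — the fixer loop re-runs `File::process()` on the same object after each pass — and a file that ends inside an unterminated `<?=` would carry `in_short_echo = true` into its own next pass. A stateless alternative is to derive the context from the token stream at the point of use, e.g. `$phpcsFile->findPrevious( [ T_OPEN_TAG_WITH_ECHO, T_CLOSE_TAG ], $stackPtr - 1 )` tells whether the nearest preceding tag opened a short echo, which needs no per-file reset at all. If the tracking property is kept, note that `static $current_file` is class-wide while `in_short_echo` is per instance; a private property (`private $current_file;`) keeps both pieces of state in the same scope and avoids pinning the previous File object in a function static. The rest of the class, including the code that reads `in_short_echo`, is outside this hunk.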

%2$s

',
+ esc_attr($class),
+ wp_kses_post($message)
+);